People are becoming more aware of information security risks presented in today's highly connected world. Identity theft affects a rising number of individuals and newspaper headlines are frequently directed to high-level data hackings and leaks of non-public information. Individuals and organizations often take steps to ensure their computers and networks are secure from malicious attacks. Auxiliary devices connected to computers are also used, in many instances, to surreptitiously obtain private data. A peripheral device may, for example, be connected to a computer and utilized to obtain information from the computer without a user's knowledge. In order to prevent unauthorized connected devices from accessing and extracting data from computers, security solutions may use whitelists of device identifiers (IDs) for authorized devices.
However, various auxiliary devices, including composite devices having multiple possible configurations, may be easily spoofed such that they present false device IDs, such as product IDs and vendor IDs, to connected computers. In some cases, an auxiliary device may have both a valid configuration and a malicious configuration. When the auxiliary device is connected to a computer, the auxiliary device may present a product ID indicating that the auxiliary device is, for example, a webcam having a configuration with no data storage capabilities. Once the auxiliary device is connected to the computer, a malicious interface not indicated by the product ID may be used by the auxiliary device to obtain and store data from the connected computer. Such unauthorized access to data may be costly and time-consuming to address. Additionally, sensitive information may be obtained and utilized by malicious parties, resulting in unrecoverable losses to individuals and organizations. The instant disclosure, therefore, identifies and addresses a need for systems and methods for controlling auxiliary device access to computing devices based on device functionality descriptors.